lmccay commented on code in PR #3946: URL: https://github.com/apache/gravitino/pull/3946#discussion_r1668547089
########## core/src/main/java/com/datastrato/gravitino/connector/authorization/UserGroupAuthorizationPlugin.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package com.datastrato.gravitino.connector.authorization; + +import com.datastrato.gravitino.authorization.Group; +import com.datastrato.gravitino.authorization.Role; +import com.datastrato.gravitino.authorization.User; +import java.util.List; + +/** + * Interface for authorization User and Group plugin operation of the underlying access control + * system. + */ +interface UserGroupAuthorizationPlugin { + /** + * Add a new User to the underlying access control system. + * + * @param user The user entity. + * @return True if the add User was successfully added, false if the add User failed. + * @throws RuntimeException If adding the User encounters storage issues. + */ + Boolean onAddUser(User user) throws RuntimeException; + + /** + * Removes a User from the underlying access control system. + * + * @param user The name of the User. + * @return True if the User was successfully removed, false if the remove User failed. + * @throws RuntimeException If removing the User encounters storage issues. + */ + Boolean onRemoveUser(String user) throws RuntimeException; + + /** + * Check if a user exists from the underlying access control system. <br> + * Because User information is already stored in the Gravition, so we don't need to get the User Review Comment: Typo. S/Gravition/Garvitino/ ########## core/src/main/java/com/datastrato/gravitino/connector/authorization/UserGroupAuthorizationPlugin.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package com.datastrato.gravitino.connector.authorization; + +import com.datastrato.gravitino.authorization.Group; +import com.datastrato.gravitino.authorization.Role; +import com.datastrato.gravitino.authorization.User; +import java.util.List; + +/** + * Interface for authorization User and Group plugin operation of the underlying access control + * system. + */ +interface UserGroupAuthorizationPlugin { Review Comment: I've requested access to the design doc which may explain this in more detail but I question the need for what appears to be a management API over the authorization system and potentially IDP here. Also, based on some of the java docs here, it sounds as though user and group information is intended to be duplicated to Gravitino itself. I have seen this in other contexts become a source of scale issues with the need for usersync's and the like and shouldn't really be necessary. Again, the design doc may clarify this and I will see the light. :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
